路由器(网络层)
作用:
1、隔离泛洪范围——路由器的一个接口对应一个广播域——路由器也被称为网关
2、转发
路由器的转发原理
当一个数据包来到路由器,路由器将基于数据包中的目标IP地址查看路由表,
若表中有记录,则将无条件按照路由表的指示转发,否则直接将数据包丢弃
路由表分析
display ip routing-table——查看路由表
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet0/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.1 GigabitEthernet0/0/1
Destination/Mask——表明要去的目的子网
Proto ——协议——可以表示路由条目的类型
Direct——直连路由
Pre——优先级——当两条路由条目的目标网段相同时,我们仅加载优先级较高的路由条目到路由表中,取值范围(0~255),数值越大优先级越低
华为设备静态路由优先级默认为60,直连路由优先级默认为0
NextHop ——吓一跳,就是数据到达目标网段下一个经过路由器接口的入接口的IP,直连路由直接写路由器出接口的IP
Interface——流量流出的接口
直连路由生成的条件
1、接口双UP
2、接口必须配IP
路由器与路由器连接的链路:称为骨干链路——链路中间不添加任何设备
路由器获取前往未知网段的路由信息
1、静态路由:由网络管理员手工添加
2、动态路由:所有路由器上运行相同的路由协议,之后通过路由器之间的沟通交流,最终计算生成的路由条
TTL(生存时间值)的主要作用是避免IP包在网络中的无限循环和收发(环路问题),节省了网络资源,并能使IP包的发送者能收到告警消息。
静态路由配置实现全网可达
根据分出的网段和接口的IP进行添加
配置AR1的网关
<Huawei>system-view //进入用户视图
[Huawei]sysname r1 //方便区分,更名为r1
[r1]interface GigabitEthernet 0/0/0 //进入0/0/0接口
[r1-GigabitEthernet0/0/0]ip address 192.168.1.1 24 //添加网关,子网掩码
[r1-GigabitEthernet0/0/0]q //退出接口界面
[r1]interface GigabitEthernet 0/0/1 //进入0/0/1接口
[r1-GigabitEthernet0/0/1]ip address 192.168.2.1 24 //添加网关,子网掩码
[r1-GigabitEthernet0/0/1]q
[r1]interface GigabitEthernet 0/0/2 //进入0/0/2接口
[r1-GigabitEthernet0/0/2]ip address 192.168.3.1 24 //添加网关
[r1-GigabitEthernet0/0/2]q
[r1]display ip interface brief //查看路由器的接口信息
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.1/24 up up
GigabitEthernet0/0/1 192.168.2.1/24 up up
GigabitEthernet0/0/2 192.168.3.1/24 up up
NULL0 unassigned up up(s)
配置AR2的网关
<Huawei>system-view
[Huawei]sysname r2
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[r2-GigabitEthernet0/0/0]q
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.4.1 24
[r2-GigabitEthernet0/0/1]q
[r2]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.2.2/24 up up
GigabitEthernet0/0/1 192.168.4.1/24 up up
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
配置AR3的网关
<Huawei>system-view
[Huawei]sysname r3
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 192.168.3.2 24
[r3-GigabitEthernet0/0/0]q
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 192.168.5.1 24
[r3-GigabitEthernet0/0/1]q
[r3]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.3.2/24 up up
GigabitEthernet0/0/1 192.168.5.1/24 up up
GigabitEthernet0/0/2 unassigned down down
NULL0 unassigned up up(s)
配置AR4的网关
<Huawei>system-view
[Huawei]sysname r4
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 192.168.5.2 24
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip address 192.168.4.2 24
[r4-GigabitEthernet0/0/1]q
[r4]interface GigabitEthernet 0/0/2
[r4-GigabitEthernet0/0/2]ip address 192.168.6.1 24
[r4-GigabitEthernet0/0/2]q
[r4]display ip interface brief
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.5.2/24 up up
GigabitEthernet0/0/1 192.168.4.2/24 up up
GigabitEthernet0/0/2 192.168.6.1/24 up up
NULL0 unassigned up up(s)
配置PC1的IP地址、网关、子网掩码
配置PC2的IP地址、网关、子网掩码
使用PC1简单测试
总结:
直连路由:192.168.2.1 192.168.3.1全能ping通
非直连路由都无法ping通,
为什么PC1无法ping通192.168.2.2
原因:tcp是双向传输的过程,在AR2的路由表中查询不到PC1的地址信息,就直接扔掉了,
所以无法实现ping通
PC>ping 192.168.6.10
Ping 192.168.6.10: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
--- 192.168.6.10 ping statistics ---
2 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 192.168.2.1
Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
From 192.168.2.1: bytes=32 seq=1 ttl=255 time=31 ms
From 192.168.2.1: bytes=32 seq=2 ttl=255 time<1 ms
--- 192.168.2.1 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 0/15/31 ms
PC>ping 192.168.3.1
Ping 192.168.3.1: 32 data bytes, Press Ctrl_C to break
From 192.168.3.1: bytes=32 seq=1 ttl=255 time<1 ms
From 192.168.3.1: bytes=32 seq=2 ttl=255 time=15 ms
--- 192.168.3.1 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 0/7/15 ms
PC>ping 192.168.3.2
Ping 192.168.3.2: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
--- 192.168.3.2 ping statistics ---
3 packet(s) transmitted
0 packet(s) received
100.00% packet loss
使用PC2进行今天测试
PC>ping 192.168.1.10
Ping 192.168.1.10: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
--- 192.168.1.10 ping statistics ---
3 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 192.168.4.2
Ping 192.168.4.2: 32 data bytes, Press Ctrl_C to break
From 192.168.4.2: bytes=32 seq=1 ttl=255 time=32 ms
From 192.168.4.2: bytes=32 seq=2 ttl=255 time=46 ms
--- 192.168.4.2 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 32/39/46 ms
PC>ping 192.168.4.1
Ping 192.168.4.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
--- 192.168.4.1 ping statistics ---
2 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PC>ping 192.168.5.2
Ping 192.168.5.2: 32 data bytes, Press Ctrl_C to break
From 192.168.5.2: bytes=32 seq=1 ttl=255 time<1 ms
From 192.168.5.2: bytes=32 seq=2 ttl=255 time=16 ms
--- 192.168.5.2 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 0/8/16 ms
PC>ping 192.168.2.1
Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
--- 192.168.2.1 ping statistics ---
2 packet(s) transmitted
0 packet(s) received
100.00% packet loss
配置静态路由
命令:ip route-static 目标网段 子网掩码 下一个路由器的入口IP
方法:查看直连路由,然后再配静态
配置AR1的静态路由
[r1]display ip routing-table //查看路由表,以下为直连路由
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.1 GigabitEthernet
0/0/1
192.168.3.0/24 Direct 0 0 D 192.168.3.1 GigabitEthernet
0/0/2
[r1]ip route-static 192.168.4.0 24 192.168.2.2 //配置到达4.0网段的的静态路由
[r1]ip route-static 192.168.5.0 24 192.168.3.2 //配置到达5.0网段的的静态路由
[r1]ip route-static 192.168.6.0 24 192.168.3.2 //配置到达6.0网段的的静态路由
配置AR2的静态路由
[r2]display ip routing-table
192.168.2.0/24 Direct 0 0 D 192.168.2.2 GigabitEthernet
0/0/0
192.168.4.0/24 Direct 0 0 D 192.168.4.1 GigabitEthernet
0/0/1
[r2]ip route-static 192.168.1.0 24 192.168.2.1
[r2]ip route-static 192.168.3.0 24 192.168.2.1
[r2]ip route-static 192.168.5.0 24 192.168.4.2
[r2]ip route-static 192.168.6.0 24 192.168.4.2
配置AR3的静态路由
[r3]display ip routing-table
192.168.3.0/24 Direct 0 0 D 192.168.3.2 GigabitEthernet
0/0/0
192.168.5.0/24 Direct 0 0 D 192.168.5.1 GigabitEthernet
0/0/1
[r3]ip route-static 192.168.1.0 24 192.168.3.1
[r3]ip route-static 192.168.2.0 24 192.168.3.1
[r3]ip route-static 192.168.4.0 24 192.168.5.2
[r3]ip route-static 192.168.6.0 24 192.168.5.2
配置AR4的静态路由
[r4]display ip routing-table
192.168.4.0/24 Direct 0 0 D 192.168.4.2 GigabitEthernet
0/0/1
192.168.5.0/24 Direct 0 0 D 192.168.5.2 GigabitEthernet
0/0/0
[r4]ip route-static 192.168.1.0 24 192.168.5.1
[r4]ip route-static 192.168.2.0 24 192.168.4.1
[r4]ip route-static 192.168.3.0 24 192.168.5.1
测试
PC1 ping PC2
PC>ping 192.168.6.10 //PC1pingPC2
Ping 192.168.6.10: 32 data bytes, Press Ctrl_C to break
From 192.168.6.10: bytes=32 seq=1 ttl=125 time=31 ms
From 192.168.6.10: bytes=32 seq=2 ttl=125 time=31 ms
--- 192.168.6.10 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/31/31 ms
路由器ping网关
<r1>ping 192.168.4.2
PING 192.168.4.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.4.2: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 192.168.4.2: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 192.168.4.2: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 192.168.4.2: bytes=56 Sequence=4 ttl=254 time=30 ms
--- 192.168.4.2 ping statistics ---
4 packet(s) transmitted
4 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/32/40 ms
<r1>ping 192.168.5.2
PING 192.168.5.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.5.2: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 192.168.5.2: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 192.168.5.2: bytes=56 Sequence=3 ttl=254 time=30 ms
--- 192.168.5.2 ping statistics ---
3 packet(s) transmitted
3 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/30/30 ms
拓展配置
负载均衡:
当路由器访问同一个目标,且有多条开销相似的路径时,可以让设备将流量拆分后沿多条路径同时传输,起到带宽叠加的功能
1.0~6.0
ip route-static 192.168.6.0 24 192.168.2.2
ip route-static 192.168.6.0 24 192.168.3.2
环回接口:
路由器配置的虚拟接口,一般用于虚拟实验,不受设备的额限制。
ping -a 192.168.1.1 172.16.1.1 ——指定发送数据包的源IP
配置AR1网关
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 12.0.0.1 24
配置环回AR1接口
[Huawei]interface loopback0
[Huawei-LoopBack0]ip address 192.168.1.1 24
[Huawei]interface loopback1
[Huawei-LoopBack1]ip address 192.168.2.1 24
配置AR2网关
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 12.0.0.2 24
配置环回AR2接口
[Huawei]interface loopback0
[Huawei-LoopBack0]ip address 172.16.1.1 24
[Huawei]interface loopback1
[Huawei-LoopBack1]ip address 172.16.2.124
测试
[Huawei]ping -a 192.168.1.1 172.16.1.1 ——可以指定发送数据包中的源IP
手工汇总:
当路由器可以访问多个连续的子网时,若均通过相同的下一跳,可以将这些网段进行汇总计算后,仅编辑到达汇总网段的路由即可,以达到减少路由条目,提高转发效率
汇总:192.168.1.0/24,192.168.2.0/24——192.168.0.0/224
路由黑洞:
在汇总中包含网络内实际不存在的网段,可能使流量有去无回浪费链路资源
合理的子网划分和汇总可以减少路由黑洞的产生
例子:网段划分192.168.1.0/24,192.168.2.0/24 汇总为192.168.0.0/22
ping 192.168.0.1这时没有这个网段,则出现黑洞
缺省路由:
一条不限定目标的路由条目(不指定目标,只指定下一跳),
特点:若查询本地所有路由均未匹配,则走缺省路由
[r1]ip route-static 0.0.0.0 0.0.0.0 12.0.0.2
[r1]ping 1.1.1.1
空接口路由:缺省路由和路由黑洞相遇将100%出环
空接口路由——Null0
如果Null0口做为出接口,则将所有匹配的路由信息全部丢弃
路由表匹配原则——最长匹配原则/精确匹配原则:子网掩码最长的(范围越小)
空接口路由配置:在黑洞路由器上配置一天空接口路由
ip route-static 192.168.0.0/22 Null 0
浮动静态路由:
通过修改默认优先级实现静态路由的备份效果
配置浮动静态路由
ip route-static 21.0.0.2 preference 100
display ip routing-table protocol static //只查看路由表的静态路由
测试使用另一条静太路由关闭之前的接口shutdown